Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Outlook can't connect to Exchange account over the internet (Outlook Anywhere is already enabled)
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Outlook can't connect to Exchange account over the inte... - 31.May2010 4:55:26 PM
|
|
|
Brotschaden
Posts: 10
Joined: 15.May2010
Status: offline
|
Wow... I don't want to think about how long I'm already sitting on this problem and just can't do it right. 
Here is the situation:
I can connect from the intranet to a mail exchange account using Outlook 2007 and when I try it from the internet it doesn't work.
Here is my network situation (one server):
Windows Server 2008 R2, Mail Exchange Server 2010 (has all roles), Domain Controller, Active Directory, Certificate Authority. Clients use Windows 7 with Outlook 2007.
Okay so I have a server that has all roles in a small firm network. I already deployed some mail accounts and they work pretty much fine. My customers want Exchange account for the use of a public address book and calender. So far they have Exchange account that work fine from the intranet, but fail when they try to use them from the internet.
To make Exchange accounts work, I enabled Outlook Anywhere and I can access the OWA with no issues. RCP for HTTP is also installed.
Because I wanted to spare myself the cost of an expensive cert, I made my own Certivicate Authority. I gave my clients the needed certs and they can successfully use the OWA without any cert warning. Therefor: I guess the certificates should be alright.
There is a nice tool called exRCA which is an online analyzer for your exchange server. I tried the Outlook Anywhere test. I do get an error, but also good news:
-Attempting to resolve the host name ### in DNS. WORKED
-Testing TCP Port 443 on host zeus.emsol.at to ensure it is listening and open. WORKED
-The certificate name is being validated. WORKED
-The certificate chain couldn't be built. You may be missing required intermediate certificates. ERROR 
Though I don't think it's the cert, because I did install the proper root certificate and the other certs I found on my server. I would like to make sure which cert this online test gets in it's hands. Does somebody know a way to find that out?
Somebody told me that this is alright, because I have a self assigned cert. Sadly there is no option to ignore SSL for the test. I will try on Wednesday with a Verisign Test cert the whole process just to make sure.
The authentification method is set to basic and seams to work.
When I try to deploy the mail account in Outlook 07/10 with the help of the "mail" service than it gets stuck right at the front page, telling me that Outlook can't establish a connection and needs a running internet connection. Too bad that I know that it says that everytime when something gets wrong. You don't get a real error message or something else. How lame is that?
I hope you can help me to solve this issue, because many many people on the internet seam to have the same problem, but where not able to fix it (or share their working solution at the end =/ )
|
|
|
|
RE: Outlook can't connect to Exchange account over the ... - 1.Jun.2010 11:42:07 AM
|
|
|
telnet25@gmail.com
Posts: 18
Joined: 4.May2010
Status: offline
|
I will have one comment to your statement "Because I wanted to spare myself the cost of an expensive cert"
Cert will cost you $12 bucks at GoDady.
http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo011b
Does it realy worth the headache , how much $$$ is costing you and this business not having working futures in Exchange 2010?
By the way, installing exchange never been good idea on domain controller, despite the people do it more the "cost" reasons, which makes not much sense if you calculate the troubles you might have down the road and all those cost and not to mentioned bad user experience may be bonus to this deployment.
Perhaps you would go for HyperV installation instead and looking into MS offerings for free licensing and not to install Exchange 2010 on top of domain controller (-:
good luck
_____________________________
Oz Casey Dedeal
Systems Engineer
MVP (exchange)
MCITP (EMA), MCITP (EA), MCITP (SA),
MCSE 2003,| M+ |S+ MCDST | Security+|Project+| Server+|
http://smtp25.blogspot.com
http://telnet25.wordpress.com
http://telnet25.spaces.live
|
|
|
|
|
RE: Outlook can't connect to Exchange account over the ... - 2.Jun.2010 8:18:21 AM
|
|
|
Brotschaden
Posts: 10
Joined: 15.May2010
Status: offline
|
I was able to solve it. -First off: exRCA doesn't work if you don't have a third party cert. So if you don't have a third party SSL cert you will have pretty much no use for the Outlook Anywhere test and it will confuse you. It works with a personal CA.
The thing is that Outlook doesn't seam to use HTTP over RCP by default. At least not all the time by default settings.
(some names may vary because I work on a system that's on German)
1. Get your clients machine into your INTERNAL network
2. Go to start and execute the program "Mail" (It's a service to deploy email accounts. You'll need it for Outlook Exchange accounts)
3. Enter your data and make sure that your exchange account work
4. Open Outlook and make sure that you are still connected to the internal network and your exchange account works fine.
5. CTRL+Click on the small Outlook icon in the right corner of your task bar
6. Go to "See Connection Status" (or something like that)
7. You will see the protocols that your exchange account uses. If it's not HTTP or HTTPS it will probably not work over the external internet. To make sure that it does use HTTP(s) over RCP we have to do some settings IN outlook itself
8. Go to Extras -> Account Settings and choose your exchange account and go to settings.
9. Go to advanced settings and to connection
10. Enable "Use HTTP all the time" and go to the advanced settings of it afterwards
11. In these settings enter your proxy exchange server, your authentication method and enable to use HTTP for slow and fast connections.
12. Restart Outlook and do step 5-7 to make sure if HTTP is used for the exchange account. Is it used? Yes? Good! If not: I would analyze your RCP over HTTP settings. I can't tell you anything on how to troubleshoot RCP over HTTP.
13. Try to connect to your exchange account over the internet with Outlook. It should work now.
You need to have a working connection (preferable over the internal network) to get those settings in Outlook. Before you don't have this connection you won't get those HTTP properties for your mail account. This method does work with self assigned certs if you have installed the root certs and all the other certs you need. Anyway I would recommend to just buy a cheap one by GoDaddy. The troubles that you might get are not worth the little money that you would pay for such a cert.
I'll install Blach Berry Enterprise Server Express now and the certs on the smartphones and will see if this will work fine too. I hope so!
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
